[Apr-2026] Exam Sure Pass CWNP Certification with CWSP-208 exam questions [Q45-Q70]

[Apr-2026] Exam Sure Pass CWNP Certification with CWSP-208 exam questions

Real CWNP CWSP-208 Exam Questions Study Guide

CWNP CWSP-208 Exam Syllabus Topics:

Topic	Details
Topic 1	Security Policy: This section of the exam measures the skills of a Wireless Security Analyst and covers how WLAN security requirements are defined and aligned with organizational needs. It emphasizes evaluating regulatory and technical policies, involving stakeholders, and reviewing infrastructure and client devices. It also assesses how well high-level security policies are written, approved, and maintained throughout their lifecycle, including training initiatives to ensure ongoing stakeholder awareness and compliance.
Topic 2	Vulnerabilities, Threats, and Attacks: This section of the exam evaluates a Network Infrastructure Engineer in identifying and mitigating vulnerabilities and threats within WLAN systems. Candidates are expected to use reliable information sources like CVE databases to assess risks, apply remediations, and implement quarantine protocols. The domain also focuses on detecting and responding to attacks such as eavesdropping and phishing. It includes penetration testing, log analysis, and using monitoring tools like SIEM systems or WIPS WIDS. Additionally, it covers risk analysis procedures, including asset management, risk ratings, and loss calculations to support the development of informed risk management plans.
Topic 3	WLAN Security Design and Architecture: This part of the exam focuses on the abilities of a Wireless Security Analyst in selecting and deploying appropriate WLAN security solutions in line with established policies. It includes implementing authentication mechanisms like WPA2, WPA3, 802.1X EAP, and guest access strategies, as well as choosing the right encryption methods, such as AES or VPNs. The section further assesses knowledge of wireless monitoring systems, understanding of AKM processes, and the ability to set up wired security systems like VLANs, firewalls, and ACLs to support wireless infrastructures. Candidates are also tested on their ability to manage secure client onboarding, configure NAC, and implement roaming technologies such as 802.11r. The domain finishes by evaluating practices for protecting public networks, avoiding common configuration errors, and mitigating risks tied to weak security protocols.
Topic 4	Security Lifecycle Management: This section of the exam assesses the performance of a Network Infrastructure Engineer in overseeing the full security lifecycle—from identifying new technologies to ongoing monitoring and auditing. It examines the ability to assess risks associated with new WLAN implementations, apply suitable protections, and perform compliance checks using tools like SIEM. Candidates must also demonstrate effective change management, maintenance strategies, and the use of audit tools to detect vulnerabilities and generate insightful security reports. The evaluation includes tasks such as conducting user interviews, reviewing access controls, performing scans, and reporting findings in alignment with organizational objectives.

 

NEW QUESTION # 45
In the IEEE 802.11-2012 standard, what is the purpose of the 802.1X Uncontrolled Port?

• A. To block unencrypted user traffic after a 4-Way Handshake completes
• B. To pass general data traffic after the completion of 802.11 authentication and key management
• C. To block authentication traffic until the 4-Way Handshake completes
• D. To allow only authentication frames to flow between the Supplicant and Authentication Server

Answer: D

Explanation:
The 802.1X Uncontrolled Port exists before a client is fully authenticated. It:
Permits only EAP/EAPoL frames to pass between the Supplicant and the Authenticator (AP or switch).
Blocks general data traffic until authentication completes.
After authentication, the Controlled Port is opened, allowing normal data flow.
Incorrect:
B). Authentication must complete before the 4-Way Handshake, not the other way around.
C). General data traffic uses the Controlled Port, not the Uncontrolled Port.
D). The Uncontrolled Port doesn't specifically deal with encrypted or decrypted user traffic.
References:
CWSP-208 Study Guide, Chapter 4 (802.1X Port Behavior)
IEEE 802.1X Overview

NEW QUESTION # 46
A WLAN is implemented using WPA-Personal and MAC filtering.
To what common wireless network attacks is this network potentially vulnerable? (Choose 3)

• A. DoS
• B. Offline dictionary attacks
• C. ASLEAP
• D. MAC Spoofing

Answer: A,B,D

Explanation:
This network uses WPA-Personal (Pre-Shared Key) and MAC filtering. While it does offer some basic protections, it is still vulnerable to several well-known attack vectors:
A). Offline dictionary attacks: An attacker can capture the 4-way handshake and perform offline dictionary or brute-force attacks to guess the PSK.
B). MAC Spoofing: Since MAC filtering is based on easily observed MAC addresses, attackers can spoof an authorized MAC address.
D). DoS: Attacks such as deauthentication floods or RF jamming can deny users access without needing to break encryption.
Incorrect:
C). ASLEAP: This is specific to LEAP (a weak EAP type), which is not used in WPA-Personal.
References:
CWSP-208 Study Guide, Chapter 5 (Threats and Attacks)
CWNP Exam Objectives: WLAN Authentication and Encryption
CWNP Whitepaper on WPA/WPA2 vulnerabilities

NEW QUESTION # 47
Given: You are installing 6 APs on the outside of your facility. They will be mounted at a height of 6 feet.
What must you do to implement these APs in a secure manner beyond the normal indoor AP implementations? (Choose the single best answer.)

• A. User external antennas.
• B. Power the APs using PoE.
• C. Use internal antennas.
• D. Ensure proper physical and environmental security using outdoor ruggedized APs or enclosures.

Answer: D

Explanation:
Outdoor APs must be:
Protected from theft or tampering (physical security).
Shielded from weather/environmental conditions (IP-rated enclosures).
Mounted and secured to prevent unauthorized physical access or damage.
Incorrect:
A & B. Antenna type is relevant to RF coverage but does not address outdoor-specific security needs.
C). PoE is useful for power delivery but not a security solution.
References:
CWSP-208 Study Guide, Chapter 7 (Physical Security for Wireless Devices) CWNP Outdoor WLAN Deployment Guidelines

NEW QUESTION # 48
Given: WLAN attacks are typically conducted by hackers to exploit a specific vulnerability within a network.
What statement correctly pairs the type of WLAN attack with the exploited vulnerability? (Choose 3)

• A. Association flood attacks are Layer 3 DoS attacks performed against authenticated client stations
• B. Management interface exploit attacks are attacks that use social engineering to gain credentials from managers.
• C. Zero-day attacks are always authentication or encryption cracking attacks.
• D. Hijacking attacks interrupt a user's legitimate connection and introduce a new connection with an evil twin AP.
• E. RF DoS attacks prevent successful wireless communication on a specific frequency or frequency range.
• F. Social engineering attacks are performed to collect sensitive information from unsuspecting users

Answer: D,E,F

Explanation:
C). RF DoS attacks use signal jamming or interference to prevent communication.
D). Hijacking uses deauthentication and re-association to force users onto rogue APs.
E). Social engineering uses manipulation to acquire credentials or sensitive information.
Incorrect:
A). Management interface exploit attacks typically involve web or CLI interface vulnerabilities, not social engineering.
B). Zero-day attacks are based on unknown vulnerabilities, not just limited to authentication or encryption.
F). Association flood attacks occur at Layer 2, not Layer 3.
References:
CWSP-208 Study Guide, Chapter 5 (Types of Wireless Attacks)
CWNP Security Essentials - WLAN Threat Matrix
CWNP Whitepapers on Rogue APs and Social Engineering

NEW QUESTION # 49
When TKIP is selected as the pairwise cipher suite, what frame types may be protected with data confidentiality? (Choose 2)

• A. QoS Data
• B. Robust unicast management
• C. ACK
• D. Robust broadcast management
• E. Control
• F. Data

Answer: A,F

Explanation:
TKIP (Temporal Key Integrity Protocol) is a pairwise encryption method introduced with WPA to enhance WEP security. TKIP can protect:
D). Data frames: These are the core unicast data transmissions between clients and access points.
F). QoS Data frames: These are a subtype of data frames supporting 802.11e/WMM enhancements and are also protected under TKIP.
Incorrect:
A & B. TKIP does not support robust management frame protection. Management frame protection is handled by 802.11w with AES-CCMP and BIP.
C & E. Control frames and ACKs are never encrypted, as they need to be read by all stations regardless of encryption status.
References:
CWSP-208 Study Guide, Chapter 3 (Frame Types and Encryption)
IEEE 802.11i Standard

NEW QUESTION # 50
What is one advantage of using EAP-TTLS instead of EAP-TLS as an authentication mechanism in an 802.11 WLAN?

• A. EAP-TTLS does not require an authentication server, but EAP-TLS does.
• B. EAP-TTLS sends encrypted supplicant credentials to the authentication server, but EAP-TLS uses unencrypted user credentials.
• C. EAP-TTLS does not require the use of a certificate for each STA as authentication credentials, but EAP- TLS does.
• D. EAP-TTLS supports client certificates, but EAP-TLS does not.

Answer: C

Explanation:
EAP-TLS requires both server and client-side digital certificates, which adds complexity in client certificate management.
EAP-TTLS uses a server certificate to establish a secure TLS tunnel, after which user credentials (e.g., username/password) are sent inside the encrypted tunnel. No client certificate is needed.
Incorrect:
A). EAP-TLS also encrypts credentials using TLS.
B). EAP-TLS supports client certificates (it's the core requirement).
C). Both EAP methods require an authentication server.
References:
CWSP-208 Study Guide, Chapter 4 (EAP Methods Comparison)
CWNP EAP-TTLS Deployment Guide

NEW QUESTION # 51
What preventative measures are performed by a WIPS against intrusions?

• A. ASLEAP attack against a rogue AP
• B. Uses SNMP to disable the switch port to which rogue APs connect
• C. EAPoL Reject frame flood against a rogue AP
• D. Deauthentication attack against a classified neighbor AP
• E. Evil twin attack against a rogue AP

Answer: B

Explanation:
Wireless Intrusion Prevention Systems (WIPS) can proactively respond to detected threats using various techniques. One such preventative measure is integration with the wired infrastructure to mitigate rogue APs by disabling the switch port they are connected to. This is typically done through SNMP or other switch management interfaces.
This form of wired-side containment is more secure and compliant than wireless-side attacks (e.g., deauthentication), which can violate regulations in some jurisdictions.
References:
CWSP-208 Study Guide, Chapter 7 - WIPS Architecture and Countermeasures CWNP CWSP-208 Exam Objectives: "WIPS Prevention and Containment Techniques"

NEW QUESTION # 52
When using the 802.1X/EAP framework for authentication in 802.11 WLANs, why is the 802.1X Controlled Port still blocked after the 802.1X/EAP framework has completed successfully?

• A. The 802.1X Controlled Port is always blocked, but the Uncontrolled Port opens after the EAP authentication process completes.
• B. The 4-Way Handshake must be performed before the 802.1X Controlled Port changes to the unblocked state.
• C. The 802.1X Controlled Port is blocked until Vender Specific Attributes (VSAs) are exchanged inside a RADIUS packet between the Authenticator and Authentication Server.
• D. The 802.1X Controlled Port remains blocked until an IP address is requested and accepted by the Supplicant.

Answer: B

Explanation:
The 802.1X Controlled Port remains blocked after EAP authentication is complete. It is only unblocked once the 4-Way Handshake completes successfully. This handshake:
Confirms that both client and AP have the same PMK.
Derives the PTK and installs keys.
Once encryption keys are in place, the Controlled Port is opened for data.
Incorrect:
A). The Controlled Port is what opens after successful authentication and key establishment.
B). IP addressing (via DHCP) happens after the Controlled Port is open.
D). Vendor-Specific Attributes may play a role in policy assignment but do not govern port control timing.
References:
CWSP-208 Study Guide, Chapter 4 (802.1X and Controlled Port Behavior)
IEEE 802.1X and 802.11i Standards

NEW QUESTION # 53
You perform a protocol capture using Wireshark and a compatible 802.11 adapter in Linux. When viewing the capture, you see an auth req frame and an auth rsp frame. Then you see an assoc req frame and an assoc rsp frame. Shortly after, you see DHCP communications and then ISAKMP protocol packets. What security solution is represented?

• A. 802.1X/PEAPv0/MS-CHAPv2
• B. EAP-MD5
• C. Open 802.11 authentication with IPSec
• D. 802.1X/EAP-TTLS
• E. WPA2-Personal with AES-CCMP

Answer: C

Explanation:
The frame sequence described shows:
802.11 Open System authentication and association
DHCP communication (for IP configuration)
ISAKMP packets, which are part of IPSec (used for key exchange and tunnel negotiation) This indicates that link-layer authentication is not used, but instead, higher-layer encryption (IPSec VPN) secures communications.
Incorrect:
A and C. Would show EAP negotiation and 802.1X authentication frames.
D). WPA2-Personal would include a 4-Way Handshake before DHCP.
E). EAP-MD5 does not involve ISAKMP and is used within 802.1X authentication.
References:
CWSP-208 Study Guide, Chapter 4 (IPSec and Upper-Layer Security)
Wireshark Frame Analysis of IPSec Tunnels

NEW QUESTION # 54
What elements should be addressed by a WLAN security policy? (Choose 2)

• A. Social engineering recognition and mitigation techniques
• B. Enabling encryption to prevent MAC addresses from being sent in clear text
• C. The exact passwords to be used for administration interfaces on infrastructure devices
• D. How to prevent non-IT employees from learning about and reading the user security policy
• E. End-user training for password selection and acceptable network use

Answer: A,E

Explanation:
A strong WLAN security policy should encompass both technical controls and user education.
C). Educating users about secure password creation and acceptable use policies helps reduce risks due to weak authentication and misuse.
E). Social engineering is a common attack vector, and educating users to recognize and report such attempts is critical.
Incorrect:
A). MAC addresses are always transmitted in the clear, even with encryption.
B). Policies should be shared with users to promote compliance and awareness.
D). Passwords for administrative systems should not be disclosed in public documentation or policy documents.
References:
CWSP-208 Study Guide, Chapter 2 (Security Policies and End-User Training) CWNP WLAN Security Policy Templates

NEW QUESTION # 55
Given: The Aircrack-ng WLAN software tool can capture and transmit modified 802.11 frames over the wireless network. It comes pre-installed on Kali Linux and some other Linux distributions.
What are three uses for such a tool? (Choose 3)

• A. Transmitting a deauthentication frame to disconnect a user from the AP.
• B. Cracking the authentication or encryption processes implemented poorly in some WLANs
• C. Probing the RADIUS server and authenticator to expose the RADIUS shared secret
• D. Auditing the configuration and functionality of a WIPS by simulating common attack sequences

Answer: A,B,D

Explanation:
Aircrack-ng is a versatile toolset commonly used for WLAN penetration testing and security auditing. Its capabilities include:
A). Injecting deauth frames to simulate or test disconnection scenarios.
B). Testing WIPS responsiveness by simulating common attack frames.
D). Performing dictionary and brute-force attacks against weakly protected networks (e.g., WPA2-PSK with a weak passphrase).
Incorrect:
C). Aircrack-ng does not probe or test RADIUS shared secrets.
References:
CWSP-208 Study Guide, Chapter 7 (Tools and Wireless Attacks)
Aircrack-ng Documentation (https://www.aircrack-ng.org/)
CWNP Attack Simulation Labs

NEW QUESTION # 56
Given: You are using a Wireless Aggregator utility to combine multiple packet captures. One capture exists for each of channels 1, 6 and 11. What kind of troubleshooting are you likely performing with such a tool?

• A. Narrowband DoS attack detection.
• B. Interference source location.
• C. Fast secure roaming problems.
• D. Wireless adapter failure analysis.

Answer: C

Explanation:
When using a wireless aggregator to combine packet captures from channels 1, 6, and 11 (the three non- overlapping 2.4 GHz channels), you're most likely analyzing multi-channel behavior. This is particularly relevant when troubleshooting roaming issues, such as fast secure roaming (e.g., 802.11r). These captures help determine whether authentication or association events occur smoothly across APs operating on different channels.
Incorrect:
A). Adapter failure doesn't require multi-channel capture.
B). Interference location is typically single-channel and spectrum-analysis focused.
D). Narrowband DoS attacks are also usually identified using RF spectrum analysis, not packet capture across all channels.
References:
CWSP-208 Study Guide, Chapter 6 (Roaming and Mobility)
CWNP Whitepaper: WLAN Troubleshooting Methodologies
CWNP Learning Portal: 802.11 Roaming and Analysis

NEW QUESTION # 57
Given: During 802.1X/LEAP authentication, the username is passed across the wireless medium in clear text.
From a security perspective, why is this significant?

• A. 4-Way Handshake nonces are based on the username in WPA and WPA2 authentication.
• B. The username is an input to the LEAP challenge/response hash that is exploited, so the username must be known to conduct authentication cracking.
• C. The username is needed for Personal Access Credential (PAC) and X.509 certificate validation.
• D. The username can be looked up in a dictionary file that lists common username/password combinations.

Answer: B

Explanation:
In Cisco LEAP (Lightweight EAP), the username is sent in clear text as part of the 802.1X authentication process. LEAP uses a challenge/response authentication mechanism that is susceptible to offline dictionary attacks because the attacker only needs to know the username and capture the challenge/response exchange to perform brute-force guessing of passwords. The username is used in generating the hash for the authentication exchange, making its disclosure critical for an attacker.
Incorrect:
A). PACs are used in EAP-FAST, not LEAP.
C). The 4-Way Handshake nonces are unrelated to the username.
D). While dictionary files may include username/password combos, the cryptographic significance in LEAP is due to the challenge/response mechanism.
References:
CWSP-208 Study Guide, Chapter 4 (EAP Types and Authentication Attacks)
CWNP Whitepaper: LEAP Vulnerabilities

NEW QUESTION # 58
Given: Many computer users connect to the Internet at airports, which often have 802.11n access points with a captive portal for authentication.
While using an airport hot-spot with this security solution, to what type of wireless attack is a user susceptible? (Choose 2)

• A. Man-in-the-Middle
• B. UDP port redirection
• C. IGMP snooping
• D. Wi-Fi phishing
• E. Management interface exploits

Answer: A,D

Explanation:
Open networks with captive portals do not provide link-layer encryption, so:
A). Man-in-the-Middle (MitM): Attackers can intercept or modify traffic between the user and the legitimate network (especially before HTTPS negotiation).
B). Wi-Fi phishing: Evil twin APs may mimic the legitimate hotspot and show a fake captive portal, stealing user credentials or prompting malicious downloads.
Incorrect:
C). Management interface exploits target device admin panels, not typical client users.
D). UDP port redirection and
E). IGMP snooping are network-layer behaviors, not common user-targeted attacks.
References:
CWSP-208 Study Guide, Chapter 5 (Hotspot Vulnerabilities)
CWNP Wi-Fi Phishing and Evil Twin Defense Strategies

NEW QUESTION # 59
Given: ABC Company has a WLAN controller using WPA2-Enterprise with PEAPv0/MS-CHAPv2 and AES- CCMP to secure their corporate wireless data. They wish to implement a guest WLAN for guest users to have Internet access, but want to implement some security controls. The security requirements for the hot-spot include:
* Cannot access corporate network resources
* Network permissions are limited to Internet access
* All stations must be authenticated
What security controls would you suggest? (Choose the single best answer.)

• A. Require guest users to authenticate via a captive portal HTTPS login page and place the guest WLAN and the corporate WLAN on different VLANs.
• B. Configure access control lists (ACLs) on the guest WLAN to control data types and destinations.
• C. Use a WIPS to deauthenticate guest users when their station tries to associate with the corporate WLAN.
• D. Implement separate controllers for the corporate and guest WLANs.
• E. Force all guest users to use a common VPN protocol to connect.

Answer: A

Explanation:
This solution meets all the requirements:
Captive portals allow simple authentication for guest users.
VLAN separation enforces network segmentation.
HTTPS ensures authentication is encrypted.
Incorrect:
A). Separate controllers are unnecessary and costly.
B). WIPS enforcement is reactive, not proactive for normal access control.
C). ACLs alone don't enforce authentication.
E). VPN requirements would be overly complex for guests.
References:
CWSP-208 Study Guide, Chapter 6 (Guest Network Architecture & Captive Portal Authentication)

NEW QUESTION # 60
Joe's new laptop is experiencing difficulty connecting to ABC Company's 802.11 WLAN using 802.1X/EAP PEAPv0. The company's wireless network administrator assured Joe that his laptop was authorized in the WIPS management console for connectivity to ABC's network before it was given to him. The WIPS termination policy includes alarms for rogue stations, roque APs, DoS attacks and unauthorized roaming.
What is a likely reason that Joe cannot connect to the network?

• A. Joe disabled his laptop's integrated 802.11 radio and is using a personal PC card radio with a different chipset, drivers, and client utilities.
• B. An ASLEAP attack has been detected on APs to which Joe's laptop was trying to associate. The WIPS responded by disabling the APs.
• C. Joe's integrated 802.11 radio is sending multiple Probe Request frames on each channel.
• D. Joe configured his 802.11 radio card to transmit at 100 mW to increase his SNR. The WIPS is detecting this much output power as a DoS attack.

Answer: A

Explanation:
WIPS systems often enforce policies based on MAC addresses and associated hardware fingerprints. If Joe uses a different wireless adapter than the one authorized, it may trigger a rogue device or unauthorized client alarm-even if it's the same laptop. This behavior is common in environments with strict WIPS enforcement policies.

NEW QUESTION # 61
As a part of a large organization's security policy, how should a wireless security professional address the problem of rogue access points?

• A. A trained employee should install and configure a WIPS for rogue detection and response measures.
• B. Conduct thorough manual facility scans with spectrum analyzers to detect rogue AP RF signatures.
• C. Enable port security on Ethernet switch ports with a maximum of only 3 MAC addresses on each port.
• D. Hide the SSID of all legitimate APs on the network so that intruders cannot copy this parameter on rogue APs.
• E. Use a WPA2-Enterprise compliant security solution with strong mutual authentication and encryption for network access of corporate devices.

Answer: A

Explanation:
Rogue APs pose a significant risk and should be detected and mitigated automatically.
D). A properly configured Wireless Intrusion Prevention System (WIPS) can detect unauthorized APs and prevent client associations to them in real time.
Incorrect:
A). While WPA2-Enterprise adds client-level protection, it does not detect rogue APs.
B). Hiding SSIDs is ineffective-SSIDs are still discoverable in management frames.
C). Manual scans are labor-intensive and impractical for ongoing monitoring.
E). Port security controls wired threats but cannot detect rogue APs using wireless signals.
References:
CWSP-208 Study Guide, Chapter 6 (Wireless Intrusion Prevention Systems) CWNP Rogue Detection Strategies

NEW QUESTION # 62
ABC Company has deployed a Single Channel Architecture (SCA) solution to help overcome some of the common problems with client roaming. In such a network, all APs are configured with the same channel and BSSID. PEAPv0/EAP-MSCHAPv2 is the only supported authentication mechanism.
As the Voice over Wi-Fi (STA-1) client moves throughout this network, what events are occurring?

• A. STA-1 controls when and where to roam by using signal and performance metrics in accordance with the chipset drivers and 802.11k.
• B. The WLAN controller controls the AP to which STA-1 is associated and transparently moves this association in accordance with the physical location of STA-1.
• C. The WLAN controller is querying the RADIUS server for authentication before the association of STA-
  1 is moved from one AP to the next.
• D. STA-1 initiates open authentication and 802.11 association with each AP prior to roaming.

Answer: C

Explanation:
An 802.11a/g-based WIPS cannot detect rogue activity that occurs in 802.11n/ac-specific modes, including Greenfield (HT-only) operation and use of 40 MHz channels, which are not part of the 802.11a/g specification. Greenfield mode disables legacy support, so a WIPS limited to 802.11a/g radios won't even
"see" these frames. This leaves a significant blind spot for detecting certain types of rogue devices or attacks using newer PHYs.
References:
CWSP-208 Study Guide, Chapter 7 - WIPS Capabilities and Limitations
CWNP CWSP-208 Objectives: "Protocol Compatibility and Threat Detection"

NEW QUESTION # 63
What field in the RSN information element (IE) will indicate whether PSK- or Enterprise-based WPA or WPA2 is in use?

• A. AKM Suite List
• B. Pairwise Cipher Suite List
• C. RSN Capabilities
• D. Group Cipher Suite

Answer: A

Explanation:
The AKM (Authentication and Key Management) Suite List field within the RSN Information Element defines which authentication methods are supported by the AP. This field distinguishes between PSK (Pre- Shared Key) and Enterprise (802.1X) modes:
AKM Suite OUI 00-0F-AC:1 = WPA2-Personal (PSK)
AKM Suite OUI 00-0F-AC:2 = WPA2-Enterprise (802.1X)
By examining this field in Beacon or Probe Response frames, a protocol analyzer can determine the authentication method enforced by the BSS.
References:
CWSP-208 Study Guide, Chapter 6 - RSN IE Fields and Analysis
CWNP CWSP-208 Objectives: "RSN IE Analysis" and "Authentication Methods Identification"

NEW QUESTION # 64
Given: Mary has just finished troubleshooting an 802.11g network performance problem using a laptop-based WLAN protocol analyzer. The wireless network implements 802.1X/PEAP and the client devices are authenticating properly. When Mary disables the WLAN protocol analyzer, configures her laptop for PEAP authentication, and then tries to connect to the wireless network, she is unsuccessful. Before using the WLAN protocol analyzer, Mary's laptop connected to the network without any problems.
What statement indicates why Mary cannot access the network from her laptop computer?

• A. The nearby WIPS sensor categorized Mary's protocol analyzer adapter as a threat and is performing a deauthentication flood against her computer.
• B. The protocol analyzer's network interface card (NIC) drivers are still loaded and do not support the version of PEAP being used.
• C. Mary's supplicant software is using PEAPv0/EAP-MSCHAPv2, and the access point is using PEAPv1
  /EAP-GTC.
• D. The PEAP client's certificate was voided when the protocol analysis software assumed control of the wireless adapter.

Answer: B

Explanation:
Many protocol analyzers require special drivers or place the NIC into monitor/promiscuous mode. When used this way, the original driver stack may be altered or replaced. Afterward, if not correctly reloaded, the adapter may lack full 802.1X support or required encryption features. This is likely the case here - Mary's WLAN adapter is still under the control of or affected by the analyzer's NIC driver, which doesn't support PEAP properly.
References:
CWSP-208 Study Guide, Chapter 6 - Protocol Analysis Limitations and NIC Driver Issues CWNP CWSP-208 Objectives: "Troubleshooting WLAN Authentication and Driver Conflicts"

NEW QUESTION # 65
For a WIPS system to identify the location of a rogue WLAN device using location patterning (RF fingerprinting), what must be done as part of the WIPS installation?

• A. All WIPS sensors must be installed as dual-purpose (AP/sensor) devices.
• B. A location chipset (GPS) must be installed with it.
• C. The RF environment must be sampled during an RF calibration process.
• D. At least six antennas must be installed in each sensor.

Answer: C

Explanation:
For a WIPS system to perform location patterning (also called RF fingerprinting), it must first perform an RF calibration or RF site survey. This process involves sampling signal strengths from known locations to develop a model of how signals propagate in the environment. This "fingerprint" is then used to triangulate or estimate the positions of rogue devices.

NEW QUESTION # 66
Given: You are the WLAN administrator in your organization and you are required to monitor the network and ensure all active WLANs are providing RSNs. You have a laptop protocol analyzer configured.
In what frame could you see the existence or non-existence of proper RSN configuration parameters for each BSS through the RSN IE?

• A. RTS
• B. Beacon
• C. Probe request
• D. Data frames
• E. CTS

Answer: B

Explanation:
The RSN (Robust Security Network) Information Element (IE) is used to advertise the security capabilities of a wireless network, particularly for WPA2 and WPA3 networks. This RSN IE is contained in Beacon and Probe Response management frames, not in Probe Request, RTS, CTS, or Data frames. The Beacon frame is sent periodically by an AP to announce its presence and includes critical information about the BSS, including security settings like the RSN IE.
You would use a protocol analyzer to capture Beacon frames and inspect the RSN IE field to confirm if a BSS is properly configured to use RSN protections such as WPA2-Enterprise or WPA2-Personal.
References:
CWSP-208 Study Guide, Chapter 6 - WLAN Discovery & Enumeration
CWNP CWSP-208 Objectives: "802.11 Frame Analysis" and "Understanding RSN Information Element Fields"

NEW QUESTION # 67
What wireless authentication technologies may build a TLS tunnel between the supplicant and the authentication server before passing client authentication credentials to the authentication server? (Choose 3)

• A. EAP-MD5
• B. PEAPv0/MSCHAPv2
• C. LEAP
• D. EAP-TLS
• E. EAP-TTLS

Answer: B,D,E

Explanation:
All three EAP methods - EAP-TLS, PEAPv0, and EAP-TTLS - establish a secure TLS tunnel between the supplicant and the authentication server before client credentials are passed:
B). EAP-TLS uses mutual certificate authentication inside a TLS tunnel.
D). PEAPv0/MSCHAPv2 creates a TLS tunnel and then authenticates the user with MSCHAPv2 inside the tunnel.
E). EAP-TTLS creates a TLS tunnel and then supports legacy credentials (e.g., PAP, CHAP, MSCHAPv2) securely within it.
Incorrect:
A). EAP-MD5 does not use TLS at all.
C). LEAP is not TLS-based and is considered insecure.
References:
CWSP-208 Study Guide, Chapter 4 (TLS-Based EAP Methods)
CWNP EAP Protocol Comparison Matrix

NEW QUESTION # 68
Given: A WLAN consultant has just finished installing a WLAN controller with 15 controller-based APs.
Two SSIDs with separate VLANs are configured for this network, and both VLANs are configured to use the same RADIUS server. The SSIDs are configured as follows:
SSID Blue - VLAN 10 - Lightweight EAP (LEAP) authentication - CCMP cipher suite SSID Red - VLAN 20 - PEAPv0/EAP-TLS authentication - TKIP cipher suite The consultant's computer can successfully authenticate and browse the Internet when using the Blue SSID.
The same computer cannot authenticate when using the Red SSID.
What is a possible cause of the problem?

• A. The consultant does not have a valid Kerberos ID on the Blue VLAN.
• B. The client does not have a proper certificate installed for the tunneled authentication within the established TLS tunnel.
• C. The Red VLAN does not use server certificate, but the client requires one.
• D. The TKIP cipher suite is not a valid option for PEAPv0 authentication.

Answer: B

Explanation:
PEAPv0/EAP-TLS is a tunneled EAP method that requires:
The server to present a certificate for TLS tunnel establishment.
The client to present a valid client certificate within the tunnel (in the case of EAP-TLS).
If the client does not have a valid X.509 certificate installed, authentication will fail.
Incorrect:
A). The server certificate is required for the TLS tunnel, and it is typically present; the issue here lies with the client cert.
B). TKIP is technically compatible with PEAPv0, although AES-CCMP is preferred.
D). Kerberos is unrelated to EAP authentication and VLAN use.
References:
CWSP-208 Study Guide, Chapter 4 (PEAP and EAP-TLS Authentication)
IEEE 802.1X and TLS Frameworks

NEW QUESTION # 69
While seeking the source of interference on channel 11 in your 802.11n WLAN running within 2.4 GHz, you notice a signal in the spectrum analyzer real time FFT display. The signal is characterized with the greatest strength utilizing only 1-2 megahertz of bandwidth and it does not use significantly more bandwidth until it has weakened by roughly 20 dB. At approximately -70 dB, it spreads across as much as 35 megahertz of bandwidth.
What kind of signal is described?

• A. A deauthentication flood from a WIPS blocking an AP
• B. A frequency hopping wireless device in discovery mode
• C. A high-power, narrowband signal
• D. A 2.4 GHz WLAN transmission using transmit beam forming
• E. A high-power ultra wideband (UWB) Bluetooth transmission
• F. An HT-OFDM access point

Answer: C

Explanation:
Spectrum analyzer observations indicate a narrow 1-2 MHz peak with a strong signal, which broadens only when significantly attenuated. This behavior matches a high-powered narrowband interferer (like a microwave ignitor or industrial radio) - not Bluetooth hopping or standard WLAN signals

NEW QUESTION # 70
......

Updated and Accurate CWSP-208 Questions for passing the exam Quickly: https://www.troytecdumps.com/CWSP-208-troytec-exam-dumps.html

Download Real CWSP-208 Exam Dumps for candidates. 100% Free Dump Files: https://drive.google.com/open?id=1Dr9ATXpbfNr9dXiCpSWkHneCmWTcfeyl